Security News > 2020 > November > QBot partners with Egregor ransomware in bot-fueled attacks
The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September.
Since their launch in September 2020, Egregor has been one of the most active big game hunting ransomware operations currently active.
After the notorious Maze ransomware gang began shutting down their operation in September, many of their affiliates moved to the new Egregor operation.
While the ransomware has changed, Skulkin states that the tactics, techniques, and procedures currently used by Egregor are similar to the previous attacks with ProLock.
"The use of CobaltStike and QakBot are to watch when hunting for Egregor. More threat hunting and detection tips from Group-IB DFIR team as well as a detailed technical analysis of Egregor operations are available in Group-IB's blog," Skulkin offers as advice when defending against Egregor.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)